Question 1: What are the OSPF Loop Prevention Mechanisms
In single area, the routers have the Link State Database, having the same LSDB helps the routers to build a loop-free topology.
Now in a multiarea topology, the ABRs are responsible for advertising an intra area route into another area as an inter-area route, and because the area 0 is the backbone that connects all other areas, therefore the developers of OSPF designed the ABR as the responsible of avoiding the routing loop between areas, the rule states that when an ABR learns an LSA Type-3 from another ABR through a non-backbone area, it does not trust this Type-3, in other words it ignores it for SPF calculation.
Now what about the NSSA area, of course there is a routing loop prevention mechanism, this mechanism is based on the P-bit and it is used when two NSSA ABRs are advertising a default Type-7 using the area x default-information originate command, the P-bit in the default Type-7 LSA is cleared so that another NSSA ABR will not install a default route in its routing table, this is what we call the P-bit loop prevention mechanism.
RFC Loop mechanism, another way to ensure that the routing loop is avoided is to be sure you are using the same RFC either 2328 or 1583 on all routers in a multiarea design, otherwise a loop can occur between an internal router and an ABR because the rule of path selection differs between RFC 2328 and RFC 1583. RFC 2328: an intra-area route through a non-backbone is always preferred than an intra-area route via backbone or any inter-area route. And the rule of RFC2583: the path selection is based on the cost when comparing two intra-area routes regardless the area from they are learned.
The last mechanism is when you have two regular ASBRs connected to the same area and advertising a default route using the default-information originate command, when an ASBR receives a Type-5 LSA for a default route and it already originated a default Type-5 using the same command, it ignores this default route, this is what i call ASBR default route loop prevention mechanism.
Question 2: Why area 0 is required?
Per RFC 3509 two non-backbones area cannot communicate and to ensure a loop free topology in a multi area design, especially with redundant paths, we need a central point and a reference to calculate the best path without a risk of routing loop, here comes the ABR which a special router that interconnects a non-backbone area with a backbone area, all inter-area traffic must go through the backbone area.
OSPF is a link-state routing protocol only within an area (intra-area); but almost a distance-vector routing protocol between areas (inter-area).
One of the advantages of link state protocols is that the link state database provides a “view” of the entire network but only within the area. Within the same area every OSPF router floods information about itself, its links, and its neighbors to every other router. From this flooded information each router builds an identical link state database. Each router then independently runs a shortest-path-first calculation on its database and calculates the best path to each destination.
When an OSPF domain grows large, the flooding and the resulting size of the link state database becomes a scaling problem. The problem is remedied by breaking the routing domain into areas.
When an ABR receive the LSA Type 1 and LSA Type 2 within the area, it will only send the reachability information through the LSA Type 3to another area. ABR hides the topology information and only reachability information sends between the areas.
To prevent routing loops, areas must be connected to the backbone area 0. All LSAs Type 3 must therefore pass into or out of area 0 when multiple areas are in use, whereas type 1 and 2 LSAs are confined to the local area. In other when we have multiple ABRs, an ABR ignores an LSA Type 3 learned through a non-backbone, this called as split-horizon inter-area loop prevention.
Question 3: what is the command to stop LSA-7 ?
In NSSA, external routes enter as LSA-7. But, if LSA-7 is not required, what is the command to stop LSA-7 ? if you need an NSSA area but you do not want to advertise a Type-7 LSA, to stop a Type-7 LSA to traverse the NSSA area, use the “nssa-only” keyword in the redistribute command. The “nssa-only” instructs the ASBR to clear the P-bit in its Type7-LSA. The P-bit = (P – propagate) is only used in type-7 LSAs to tell the ABRs to translate that LSA Type 7 into an LSA Type 5.
Question 4: How the NSSA ABR translator election occurs?
We have one ASBR & two ABR’s. which ABR will do LSA-7 to LSA-5 conversion? the highest ABR router ID will be the translator per RFC 1583 and 3101, but if you want to force an ABR to be a translator regardless the router ID selection, make sure the RFC is 3101 enabled (this is the default) and execute the area X nssa translate type7 always command.
Question 5: How to stop receiving specific subnets In NSSA?
While receiving routes through LSA-7, can we receive selected subnets or stop a few subnets from receiving? you can control the advertised routes through Type-7 using the summary-address command with the “not-advertise” keyword, the component networks remain hidden from other networks. or using the route-map associated with the redistribute command.
Question 6: What is the LSInfinity?
LSInfinity in OSPF has two two different values, defined in two different RFCs 3137 and 2328 but two different meanings.
- 16-bit (65535) for Router LSA
- 24-bit (16777215) for Summary LSA and External LSA.
However, the key point here is that LSInfinity has two different meanings:
For Summary and External LSAs, LSInfinity 16777215 means "unreachable".
For Router LSAs LSInfinity 65535 means "least desirable". It ensures other routers to use other Type-1 LSAs stored in their LSDB. it’s possible to have a valid route with an LSInfinite cost.
Shutdown OSPF Stub Router Advertisement is defined in RFC 3137 in 2001, updated by RFC 6987 in 2013 ---> updated by RFC 8770 Host Router Support for OSPFv2 in 2020 with a new bit called Host bit H bit.
Question 7: In OSPF, why E1 routes are preferred over E2 routes ?
E1 route uses lowest redistributed cost + lowest cost to reach ASBR we have hot potato + cold potato routing so packet will reach destination as quickly as possible. E1 considers only the redistributed metric and ignores the internal metric to reach ASBR, this behavior is called cold potato routing.
Question 8: In OSPF, what is forwarding address ?
The Forward Address is a concept related to external route through a Type-5 under certain conditions and through a Type-7 (mandatory). The idea behind this FA is to avoid a suboptimal routing in some design to reach the external routes, in other words it helps a router in an area to have a view of a hidden topology in other area, for example in NSSA, the ASBR is no longer visible from other areas, this can cause a suboptimal routing in the OSPF domain to reach the external subnets from other areas, and to make the ASBR visible, the Forward Address which is an IP address that belongs to the ASBR will help other routers in other areas to locate and calculate the shortest path to the ASBR through an inter-area route toward this Forward Address, thus the best path to the external subnets.
Question 9: What is the partition of the backbone area 0 ?
The answer is in RFC 2328 3.7 section.
RFC 2328 says:
3.7. Partitions of areas
OSPF does not actively attempt to repair area partitions. When
an area becomes partitioned, each component simply becomes a
separate area. The backbone then performs routing between the
new areas. Some destinations reachable via intra-area routing
before the partition will now require inter-area routing.
However, in order to maintain full routing after the partition,
an address range must not be split across multiple components of
the area partition. Also, the backbone itself must not
partition. If it does, parts of the Autonomous System will
become unreachable. Backbone partitions can be repaired by
configuring virtual links (see Section 15).
A discontinuous of the backbone area can result in undesirable result of losing external route when we have multiple ABRs and you are redistribution into a backbone area instead of the non-backbone area, the undesirable result is caused by the loop prevention mechanism of Type-4 LSA between ABRs.
Question 10: Why an NSSA ABR does not inject a default route automatically?
If an NSSA ASBR originates a default route into the OSPF in order to reach an external domain, the default route is injected as a Type 7 NSSA External LSA. If at the same time the NSSA ABR connecting that NSSA to Area 0 is generating a default route via a Type 3 Summary LSA, what happens?
Since Inter-Area (Type 3 LSA) MUST be preferred over NSSA External (Type 7) per the RFC, it would mean that you could never default out toward the external domain in that area because the OSPF default route via the NSSA ABR would always be preferred. This is what would be considered “Cold Potato Routing” because you are defaulting further into your network as opposed to defaulting towards an external exit point.
RFC 3101 says in section: 1.3 Proposed Solution
When summary routes are not imported into an NSSA, the default LSA
originated into it by its border routers must be a Type-3 summary-
LSA. This default summary-LSA insures intra-AS connectivity to the
rest of the OSPF domain, as its default summary route is preferred
over the default route of a Type-7 default LSA. Without a default
summary route the OSPF domain's inter-area traffic, which is normally
forwarded by summary routes, might exit the AS via the default route
of a Type-7 default LSA originated by an NSSA internal router. The
Type-7 default LSAs originated by NSSA internal routers and the no-
summary option are mutually exclusive features. When summary routes
are imported into the NSSA, the default LSA originated by a NSSA
border router into the NSSA should be a Type-7 LSA.
The solution for this problem then is for an NSSA area, tell the NSSA ABR not auto automatically originate the default route as Type 3 LSA into the NSSA. This gives you the choice to prefer the default route from a redistributed source, which would mean you are trying to achieve “Hot Potato Routing”.
Question 11: OSPF Link State or Vector Distance Routing Protocol?
OSPF is a link-state routing protocol only within an area (intra-area); but almost a distance-vector routing protocol between areas (inter-area).
One of the advantages of link state protocols is that the link state database provides a “view” of the entire network but only within the area. Within the same area every OSPF router floods information about itself, its links, and its neighbors to every other router. From this flooded information each router builds an identical link state database. Each router then independently runs a shortest-path-first calculation on its database and calculates the best path to each destination.
When an OSPF domain grows large, the flooding and the resulting size of the link state database becomes a scaling problem. The problem is remedied by breaking the routing domain into areas: That first concept is modified so that flooding occurs only within the boundaries of an area in order to reduce the routing table and the LSDB sizes, therefore, to protect the memory resources and CPU processing power. When a change occurs in an area in the topology only the routers in this area trigger the SPF algorithm through the LSA Type 1 and LSA Type 2.
When an ABR receive the LSA Type 1 and LSA Type 2 within the area, it will only send the reachability information through the LSA Type 3to another area. ABR hides the topology information and only reachability information sends between the areas.
When ABR sends a summary type 3 LSAs into another area, it says I can reach for example network 5.5.5.0 and this my metric to reach it, and you can reach this network through me. Which mean is ABR will hide topology information.
To prevent routing loops, areas must be connected to the backbone area 0. All LSAs Type 3 must therefore pass into or out of area 0 when multiple areas are in use, whereas type 1 and 2 LSAs are confined to the local area. In other when we have multiple ABRs, an ABR ignores an LSA Type 3 learned through a non-backbone, this called as split-horizon inter-area loop prevention.
RFC 3509 explains OSPF ABR Behavior and split-horizon mechanism in the following section:
1.2 Motivation
In OSPF domains the area topology is restricted so that there must be
a backbone area (area 0) and all other areas must have either
physical or virtual connections to the backbone. The reason for this
star-like topology is that OSPF inter-area routing uses the
distance-vector approach and a strict area hierarchy permits
avoidance of the "counting to infinity" problem. OSPF prevents
inter-area routing loops by implementing a split-horizon mechanism,
allowing ABRs to inject into the backbone only Summary-LSAs derived
from the
intra-area routes, and limiting ABRs' SPF calculation to consider
only Summary-LSAs in the backbone area's link-state database.
The last restriction leads to a problem when an ABR has no backbone
connection (in OSPF, an ABR does not need to be attached to the
backbone).
Question 12: What is the path selection order in OSPF?
The traditional path selection is as follow:
- Intra-Area
- Inter-Area
- E1 or N1
- E2 or N2
This traditional path selection is based on two criterias:
- ROUTE TYPE
- COST (between E1 and N1, E2 and N2)
If you read RFC 3101 and RFC 1587 for NSSA, RFC 1583 and RFC 2328 for OSPFv2. There is another step and level of path selection, which based on RFC, in other words when moving to E1/E2 versus N1/N2, another order of selection should be taken in consideration which RFC, more exactly, RFC 3101 and RFC 1587.
The old RFC 1587 for NSSA which can be currently turned on using the compatible RFC1587 command, says that if a router receives a Type-7 LSA and Type-5 for the same destination the cost to the forwarding address or ASBR are equal, the Type-5 LSA is always preferred, the OE1/OE2 routes is preferred than ON1/ON2 routes. This path selection rule is only valid if RFC 1583 is enabled (this the default on Cisco Routers).
RFC 1587, section 3.5 Calculating Type-7 AS External Routes:
When a type-5 LSA and a type-7 LSA are found to have the
same type and an equal distance, the following priorities
apply (listed from highest to lowest) for breaking the tie.
- Any type 5 LSA.
- A type-7 LSA with the P-bit set and the forwarding address non-zero.
- Any other type-7 LSA.
The reason why the RFC 1587 said that RFC 1583 is valid, because when you enable RFC 1583, this means RFC 2328 is enabled, so when RFC 2328 is there, the behavior of RFC 1587 changes, and became obsolete, while RFC 1583 is solely based on cost. RFC 2328 says the Intra-area route to ASBR through non-backbone is aways preferred than an intra-area through the backbone or inter-area to the ASBR.
Per RFC 2328, the following rules indicate which paths are preferred when multiple intra-AS paths are available to ASBRs or forwarding addresses:
- Intra-area paths using nonbackbone areas are always the most preferred.
- The other paths, intra-area backbone paths and inter-area paths, are of equal preference.
Question 13: How to suppress the Forward Address using two methods?
The OSPF Forwarding Address Suppression in Translated Type-5 LSAs causes the NSSA ABR R2 to translate Type-7 LSA to Type-5 LSAs, but it replaces Forwarding Address specified in the Type-7 LSA with the address 0.0.0.0. A Forward Address 0.0.0.0 causes R1 to direct forwarded traffic toward the external prefix to the translating NSSA ABR R2.
The first method is the using the area XX nssa translate type7 suppress-fa command on the NSSA ABR.
The second method to suppress the Forward Address is to aggregate the Type-7 LSA prefixes on the NSSA ABR using the summary-address command, an NSSA ABR is a pseudo ASBR since it is originating a Type-5 LSA, this causes the ABR to generate a Type-5 LSA for the summary prefix with a Forward Address 0.0.0.0. For example if the Forward Address is 3.3.3.3 or 3::3. Configure the summary-address 3.3.3.0 255.255.255.0 command and summary-prefix 3::/64 command respectively on the ABR.
This second method is explained Per RFC 3101, the sections Type-7 LSAs and Translating Type-7 LSAs into Type-5 LSAs explain that the FA is set to 0.0.0.0 in the translated Type-5 LSA when performing summarization on the NSSA ABR for the Type-7 LSAs.
2.3 Type-7 LSAs
Type-5 LSAs that are translations of Type-7 LSAs copy the Type-7
LSAs' non-zero forwarding addresses. Only those Type-5 LSAs that are
aggregations of Type-7 LSAs may have 0.0.0.0 as a forwarding address.
(See Section 3.2 for details.)
3.2 Translating Type-7 LSAs into Type-5 LSAs
The newly generated Type-5 LSA will have a link-state ID equal
to the Type-7 address range's address (in the case of multiple
originations of Type-5 LSAs with the same network address but
different mask, the link-state ID can also have one or more of
the range's "host" bits set). The advertising router field
will be the router ID of this area border router. The network
mask and the external route tag are set to the range's
configured values. The forwarding address is set to 0.0.0.0.
The path type and metric are set to the range's path type and
metric as defined and computed above.
But as specified in RFC 3101 section 2.3 Type-7 LSAs, the Forward Address produce efficient routing and avoid suboptimal route, so suppressing the Forward Address should be used carefully.
Question 14: Is a loop possible in OSPF?
Yes, for example a mismatch between one router running RFC 1583 and its neighbor running RFC 2328 for OSPFv2 or between one router running RFC 1583 and its neighbor running RFC 5340 for OSPFv3.
The reason is that between RFC 1583 and RFC 2328/5340 is behind the logic of the external path selection.
With RFC 2328 and 5340, the following rules indicate which paths are preferred when multiple intra-AS paths are available to ASBRs or forwarding addresses:
1-Intra-area paths using nonbackbone areas are always the most preferred.
2-The other paths, intra-area backbone paths and inter-area paths, are of equal preference.
These rules apply when the same ASBR is reachable through multiple areas. If an ASBR is reachable through the backbone area and non-backbone area. The non-backbone area route is preferred regardless the cost.
Let’s take an example:
R2 installs the external route to 45::/64 through R1:
R2#sh ipv route | s 45::
OE2 45::/64 [110/20]
via FE80::A8BB:CCFF:FE00:100, Serial2/1
R2#
R1 prefers the path through R3 to reach the external prefix 45::/64:
R1#sh ipv route | s 45::
OE2 45::/64 [110/20]
via FE80::A8BB:CCFF:FE00:300, Serial2/0
R1#
If we disable RFC 1583 using the no compatible rfc1583 command on R1:
R1(config-rtr)#ipv router osp 1
R1(config-rtr)#no compatible rfc1583
we can see that R1 is installing the path through R2-R5 toward 45::/64 prefix:
R1#sh ipv route | s 45::
OE2 45::/64 [110/20]
via FE80::A8BB:CCFF:FE00:200, Serial2/1
R1#
R1 prefers the route advertised by R5 despite the higher cost because it is an intra-area route to ASBR R5 through a non-backbone area. The route does not go through the backbone area and the next-hop is R2 (as per RFC 5340).
While R2 prefers the route advertised by R4 because the forward metric 192 to the ASBR R4 is lower than to the ASBR R5 (193) and the next-hop for 45::/64 is R1. (As per RFC 1583, the path selection is based on cost).
R2#sh ipv route | s 45::
OE2 45::/64 [110/20]
via FE80::A8BB:CCFF:FE00:100, Serial2/1
R2#
This causes a loop in the network as R2 sends the packets to R1 and R1 sends them back to R2.
This feature applies only when RFC 1583 compatibility is set to disabled using the no compatibility rfc1583 command.
While RFC 1583 the rules of external path preference is based solely on the cost.
A routing loop can also occur with the capability transit. “The OSPF Area Transit Capability feature provides an OSPF Area Border Router (ABR) with the ability to discover shorter paths through the transit area for forwarding traffic that would normally need to travel through the virtual-link path.” -Cisco
RFC 1583 and RFC 2328 state “When area border routers connecting to one or more transit areas (i.e, non-backbone areas whose TransitCapability is found to be TRUE), the transit areas’ summary-LSAs are examined to see whether better paths exist using the transit areas [vs the summary-LSAs advertised through the virtual-link from the backbone]”.
Capability transit is enabled by default. If you disable this feature, there is a risk of routing loop.
Question 15: Can an interface belong to multiple areas?
With IOS version 15.4, The OSPFv2 Multiarea Adjacency feature is introduced, this feature allows you to configure a link on the primary interface to enable optimized routing in multiple areas.
By default, an interface can only belong to one OSPF Area. When Multi-Area Adjacency is configured on an interface, the OSPF routers form more than one Adjacency (ADJ) over that link. The Multi-Area interface is a logical, point-to-point interface over which the ADJ is formed.
Multiarea adjacency can help to solve suboptimal routing issues as described in RFC 5185:
This document about OSPF Multi-Area Adjacency describes an extension to the Open Shortest Path First
(OSPF) protocol to allow a single physical link to be shared by
multiple areas. This is necessary to allow the link to be considered
an intra-area link in multiple areas. This would create an intra-
area path in each of the corresponding areas sharing the same link.
With IOS version 15.4, The OSPFv2 Multiarea Adjacency feature is introduced, this feature allows you to configure a link on the primary interface to enable optimized routing in multiple areas.
By default, an interface can only belong to one OSPF Area. When Multi-Area Adjacency is configured on an interface, the OSPF routers form more than one Adjacency (ADJ) over that link. The Multi-Area interface is a logical, point-to-point interface over which the ADJ is formed.
Question 16: How to inject a Type-7 LSA Default route on an NSSA ASBR?
The default-information originate command injects a default route only in a normal OSPF areas (backbone area and other areas), it is injected as an LSA Type 5 and the default route appears as an OE2 route.
In NSSA area since the LSA Type 5 is not allowed in NSSA area, to inject a default route into an NSSA area, we need to use the area XX nssa default-information-originate command, and it will be injected as an LSA Type 7 (NSSA external Type-2 route).
Originally the NSSA default route is advertised by an ABR (having at least one OSPF interface in the backbone area). This Default route originated by ABRs have the propagate (P) bit cleared and are thus not translated into type-5 external routes by another ABR because the P-bit loop prevention mechanism. But an NSSA ASBR can originate a Type-7 default route with the P-bit set.
Per RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option
1.3 Proposed Solution
In addition, an NSSA border router should originate a default LSA (IP
network is 0.0.0.0/0) into the NSSA. Default routes are necessary
because NSSAs do not receive full routing information and must have a
default route in order to route to AS-external destinations. Like
stub areas, NSSAs may be connected to the Area 0 backbone at more
than one NSSA border router, but may not be used as a transit area.
Note that a Type-7 default LSA originated by an NSSA border router is
never translated into a Type-5 LSA, however, a Type-7 default LSA
originated by an NSSA internal AS boundary router (one that is not an
NSSA border router) may be translated into a Type-5 LSA.
2.4 Originating Type-7 LSAs
A Type-7 default LSA for the network 0.0.0.0/0 may be originated into
the NSSA by any NSSA router. The Type-7 default LSA originated by an
NSSA border router must have the P-bit clear. An NSSA ASBR that is
not an NSSA border router may originate a Type-7 default LSA with the
P-bit set. A Type-7 default LSA may be installed by NSSA border
routers if and only if its P-bit is set.
An ASBR cannot originate a default route with the area 1 nssa default-information originate command only unlike with the NSSA ABR, to have an effect of this command we need to configure a static default route and the ASBR will originate an LSA Type 7 Default-route and this LSA 7 has area-wide flooding scope, not domain-wide. This means that the type 7 LSA originated by an ASBR will not go further than the NSSA ABR and cannot traverse the NSSA area, therefore what will R3 do?
Simply the ASBR will allow the ABR to translate this LSA Type 7 by setting the P-bit.
So, because of the presence of a non-OSPF static default route, the LSA Type 7 originated by the ASBR has P-bit set and therefore it is translated by the AB into LSA Type 5 and a default route will be propagated throughout the OSPF domain.
Question 17: Why is filtering using the distribute-list only valid on ASBR?
With OSPF there are some rules to be considered when using distribute-list:
The distribute-list command is used to filter routes from being installed in the routing table or redistributed into another routing protocol.
Using the distribute-list command in the inbound direction is used to filter routes to be installed in the routing table.
Using the distribute-list command in the outbound direction filters only the desired redistributed routes. Meaning that is used only on ASBRs.
OSPF routing protocol uses the concept of LSA propagation to exchange prefix information while EIGRP routers exchanges routes. The distribute-list feature filters routes, therefore using this feature in the outbound direction on internal OSPF router is not supported.
Question 18: If only a non-OSPF route to the Forward Address exists in the RIB, can a router use it to install the external route?
Per RFC 3101, when a router receives a Type-5 LSA with the Forwarding Address set to non-zero value, it will look up an OSPF route to the Forward Address, either an intra-area or inter-area route in its routing table in order to install successfully the corresponding external route in the RIB.
RFC 3101, section 2.5 Calculating Type-7 AS External Routes
If the forwarding address is non-zero look up the forwarding
address in the routing table. For a Type-5 LSA the matching
routing table entry must specify an intra-area or inter-area
path through a Type-5 capable area. For a Type-7 LSA the
matching routing table entry must specify an intra-area path
through the LSA's originating NSSA. If no such path exists
then do nothing with this LSA and consider the next in the
list.
If the Forward Address is sourced from another source of routing like a static route, the external route will not be installed in the routing table.
In this case you can use local-rib-criteria forwarding-address command which will only check the Local OSPF rib and not Global Rib to install the route in the routing table. This command specifies that the OSPF local RIB will be used for route validation and the external route will be installed successfully.
Question 19: If two ASBRs inject a default route with the “always” keyword” into OSPF domain, is there a risk of loop?
An ASBR router that originates a default route with always keyword will never accept other LSA Type 5 0.0.0.0 learned from another ASBR router. This is to prevent loop.
The debug ip ospf spf external command will display the following message: “OSPF-1 EXTER: We originate default always. Don't install default from others”
R1#debug ip ospf spf external
OSPF SPF external debugging is on
R1#
*Nov 21 21:19:58.871: OSPF-1 EXTER: Start partial processing Type 5 External LSA 0.0.0.0, mask 0.0.0.0
*Nov 21 21:19:58.871: OSPF-1 EXTER: adv_rtr 3.3.3.3, age 1, seq 0x80000001, metric 1, metric-type 2, fw-addr 0.0.0.0
*Nov 21 21:19:58.875: OSPF-1 EXTER: We originate defau
R1#lt always. Don't install default from others
*Nov 21 21:19:58.875: OSPF-1 EXTER: Process partial nssa spf queue
Question 20: Why the P-bit must be cleared in the Type-7 default route originated by an NSSA ABR?
When an NSSA ABR originates a Type-7 default route, the P-bit must be cleared in order to tell to other NSSAs ABR: don't translate this LSA 7 and don't install it in the routing table. This P-bit is used as routing loop prevention mechanism. "An ABR, it does not accept type-7 LSA without P-bit, in order to avoid routing loops."
RFC 3101 and RFC 1587 say that a Type-7 default route originated by an NSSA ABR must have P-bit cleared or reset.
RFC 3101 section 2.4 Originating Type-7 LSAs
A Type-7 default LSA for the network 0.0.0.0/0 may be originated into
the NSSA by any NSSA router. The Type-7 default LSA originated by an
NSSA border router must have the P-bit clear. An NSSA ASBR that is
not an NSSA border router may originate a Type-7 default LSA with the
P-bit set. A Type-7 default LSA may be installed by NSSA border
routers if and only if its P-bit is set.
How OSPF forms a loop if the P bit is not cleared by ABR in the Type-7 default route.
Let's imagine the P-bit is set in the Type-7 default route.
- R1 located in area 0 learns an external prefix 1.1.1.0/24 and injects it into OSPF.
- ABR-1 and ABR-2 inject a Type-7 default route with P-bit set into an NSSA Area 1.
- ABR-1 will translate the Type-7 's ABR-2 and vice versa.
- R1 will receive two Type-5 default from ABR-1 and ABR-2 and installs load balancing.
- ABR-1 has two choices, either a Type-7 learned via area 1 or Type-5 learned through area 0, with the default RFC 3101 it prefers the Type-7 and installs a default route through ASBR. The same thing for ABR-2.
- the ASBR located in area 1 will use a default routes load balancing (Type-7) learned from ABR-1 and ABR-2.
Now assume R1 loses the external route to 1.1.1.0/24, the ASBR needs to send a packet to 1.1.1.1.
With RFC 3101 enabled: ABR-1 and ABR-2 receives this packet and will use the default route through ASBR and so on. The loop will occur between ABRs and the ASBR.
With RFC 1587 enabled: ABR-1 and ABR-2 receives this packet and will use the default route through R1 to send the packet to 1.1.1.1, R1 has already a default routes load balancing via ABR-1 and ABR-2 and so on. The loop will occur between R1 and the ASBR.
Therefore, the P-bit must be cleared when an ABR generates a Type-7 default route.
1 Comment
